Discovering Device-Layer Devices

Device discovery is a Device Layer process that leverages Enterprise Agents to discover devices in your network using SNMP (Simple Network Management Protocol). This process polls the network and devices specified in your discovery configuration (see Running Device Discovery). Discovery is a mandatory first step to monitoring your devices on our platform.

Prerequisites

Before initiating device discovery, ensure the following prerequisites are met:

  • SNMP Version: Use SNMP version 2c or SNMP version 3. We retrieve the same data regardless of the SNMP version.

  • Credentials: We require only read-only credentials to access SNMP information. We recommend creating new read-only credentials for the Enterprise Agents conducting the polling, but you can use existing read-only credentials.

  • Device Responsiveness: Verify that your devices are configured to answer SNMP queries.

    • Obtain from each device:

      • the version of SNMP enabled.

      • the community string (SNMPv2c) or authentication and privacy settings (SNMPv3).

  • Network Access: Ensure that SNMP queries are allowed from the Enterprise Agent IP addresses to each device.

    • Your target or other network devices (firewalls and other security devices) may restrict SNMP queries from Enterprise Agents to your target network devices using access control lists (ACLs). If so, add the Enterprise Agents' IP addresses to the ACLs. Allow SNMP queries destined to port 161/UDP.

Supported Management Information Bases

ThousandEyes supports the following Management Information Bases (MIBs):

  • Discovery

    • IF-MIB

    • SNMPv2-MIB

  • Interface Metrics

    • IF-MIB

    • IP-MIB

  • Device Metrics

    • CISCO-PROCESS-MIB

    • HOST-RESOURCES-MIB

    • JUNIPER-OPERATING-MIB

  • Topology

    • CDP-MIB

    • LLDP-MIB

Configuring Device Credentials

The Device Layer requires your devices' SNMP credentials in order to discover the devices.

  1. Go to Devices > Device Settings > Device Credentials.

  2. Click Add New Credentials.

  3. Give the credentials a meaningful name.

  4. Select the SNMP version.

  • SNMPv2 credentials consist of a single community string, which serves as a plain-text password.

  • SNMPv3 requires:

    • Security Name. Note: Do not use the same Security Name for multiple SNMPv3 credentials, as it can lead to unexpected behavior during device monitoring.

    • Context Name (optional).

    • Authentication Protocol and Key (optional).

    • Privacy Protocol and Key (optional; only if using an Authentication Protocol).

  1. Click Add New Credentials to save your changes.

If you have gathered different sets of credentials for different network devices, repeat the process for each set of credentials you have gathered.

Running Device Discovery

With credentials configured, you can now run device discovery. Device discovery can be performed manually or scheduled at regular intervals.

  • To run a one-time discovery, go to Devices > Settings > Devices. Click Find New Devices.

  • To schedule discoveries, go to Devices > Settings > Device Discoveries. Click Schedule Discovery.

Both methods require you to configure settings that specify the scale and frequency of the scan(s), among other specifics.

Discovery Basic Configuration

When configuring device discovery, specify the following parameters:

  • Discovery Name (for scheduled discoveries only): If you plan to run more than one scheduled discovery, for example for different networks, name this discovery in a way that meaningfully distinguishes it from your other discovery schedules.

  • Targets: The devices the Enterprise Agent should attempt to discover. You can enter:

    • Hostname

    • IP address

    • IP address range (e.g., 192.168.1.1-192.168.1.10)

    • Subnet in CIDR notation (e.g., 192.168.1.0/24)

    Device discovery only supports IPv4 for targets.

  • Monitoring Agent: The Enterprise Agent or an Enterprise Agent cluster designated to perform the discovery. Note the following:

    • If you select an Enterprise Agent cluster as the Monitoring Agent, as with all other testing performed by clusters, device-layer testing is performed by a single member of the cluster. The member is selected by the cluster load-balancing algorithm. If the agent performing the device-layer testing is removed from the cluster, device-layer testing is reassigned to another cluster member.

    • If an individual Enterprise Agent that is already performing device-layer testing is moved into an existing cluster, the device-layer view data (at Devices > Views) collected before that agent joined the cluster will be no longer available. Device-layer data found on the Path Visualization view (at Network & App Synthetics > Views) will continue to be available.

  • Credentials: Select the appropriate credentials for all expected devices within the specified targets. These are the credentials you set up in Configuring Device Credentials, above.

  • Interval (for scheduled discoveries only): The time interval between discovery runs, ranging from 5 minutes to 24 hours.

  • Notification Rules (for scheduled discoveries only): Device notifications assigned to this discovery task. You can create notification rules at Devices > Settings > Device Notifications.

  • Save as scheduled discovery (for one-time discoveries): Check this box if you decide you would like to transition your one-time discovery into a scheduled discovery. This allows you to fill in the additional fields needed for a scheduled discovery without switching panels.

Discovery Advanced Settings

Advanced settings can be applied to discovered as well as to monitored devices. If a device is discovered using advanced settings, those settings are not automatically carried over to its monitoring configuration; they must be reapplied to the individual device when monitoring is configured.

  • Allow List: Specify devices that the Enterprise Agent should attempt to discover.

    • Enter an IP address, IP address range (for example, 192.168.1.1-192.168.1.10), or subnet (CIDR notation; for example, 192.168.1.0/24).

    • Note: Hostnames are not permitted for allow lists.

  • Deny List: Specify devices that the Enterprise Agent should not attempt to discover.

    • Enter an IP address, IP address range (for example, 192.168.1.1-192.168.1.10), or subnet (CIDR notation; for example, 192.168.1.0/24).

    • Note: Hostnames are not permitted for deny lists.

    • Priority: If allow-list and deny-list entries overlap, deny-list entries take priority.

  • Maximum Hops: Limit the number of additional discovery attempts based on information returned by discovered devices.

    • The default is 0, which means only devices in the Targets field are polled, and no additional discovery attempts are made.

    • When Maximum Hops is greater than 0, the Enterprise Agent can perform discovery on additional networks reported by polled devices (if they are /26 or smaller). This recursive process continues until no new networks are found, allowing for the discovery of a maximum number of pollable devices across all networks without manual configuration.

This configuration contains some risk as it could send SNMP credentials to unexpected places. SNMP endpoints are typically configured on isolated management networks, not every VLAN on a device.

  • Connection Attempts: Set the number of connection attempts per device. Heavily utilized devices or saturated networks may require multiple SNMP connection attempts per device.

  • Connection Timeout: Set the timeout duration for each connection attempt.

  • Discovery Timeout: Set the total time allowed for the entire discovery process. This setting is particularly useful when Maximum Hops is greater than 0 to limit discovery if discovered devices return a large number of additional targets.

  • Reduce Query Size: This option instructs the device to send fewer fields in a response, rather than as many as it thinks it can fit.

    • Issue: Devices may not respond to specific requests, often midway through a series of queries, appearing as a timeout while other queries continue to work. This can occur if devices attempt to send responses larger than the network's maximum transmission unit (MTU).

    • Effect: Reducing the query size results in more queries being sent to the device for the same amount of data but can help keep UDP packets within the network MTU.

    • Note: Extremely large fields can still exceed the MTU limit even with this box checked. The recommended long-term solution is to fix the device or network configuration.

  • Query Mode: Select between Fast or Compatible query modes.

    • Fast Query: Attempts to request multiple separate Object Identifiers (OIDs) in the same request packet (iterating by row). This results in fewer queries to a device, especially when certain "columns" (OIDs) do not exist.

      • Note: some legacy devices may operate out of compliance and return OIDs out of order, meaning results cannot be returned for these devices.

    • Compatible Mode: Requests only one OID at a time and expects multiple results (iterating by column). This sends many more queries to the device, as a request is sent for every single field, even for unsupported MIBs. This mode is more reliable for devices that do not handle fast queries correctly.

Device Discovery Process

The device discovery process involves several distinct stages:

  1. Credentialless Discovery:

    • For each IP in the target range, the Enterprise Agent first requests an SNMPv3 discovery, sent without any credentials.

    • Most devices are configured to respond to such requests, regardless of whether SNMPv3 authentication is in use. This scan identifies the device’s SNMP service before further probing.

    • Devices that respond to scanning are added to a "credentialless" list in the results.

    • The only metadata available for "credentialless" devices is their engineId.

  2. Credentialled Discovery:

    • For every device that responds to credentialless discovery, the Enterprise Agent then attempts to request device metadata using a single query with each provided credential.

    • If the credentials are incorrect, the request times out.

    • When the credentials are correct and a response is received, the device is considered "discovered" with that specific credential. It is then moved from the "credentialless" list to the "discovered" list, and the system proceeds to import the rest of the device's metadata (step 3).

  3. Import:

    • For devices that respond to credentialled discovery, the system attempts to import further device metadata, specifically the list of interfaces and associated details.

    • Any extra device metadata obtained is added to the per-device results.

    • Devices with thousands of interfaces can result in missing (non-discovered) interfaces as the process times out, leading to partial metadata results. Use Discovery Timeout, Reduce Query Size, and Query Mode from the Advanced Settings to best avoid partial results.

  4. Processing:

    • After all target IPs have been exhausted and all dispatched requests have completed or timed out, a summary of the discovered devices is generated and sent to ThousandEyes for processing.

    • ThousandEyes looks up the device identity fields to determine if the device is already known.

    • Depending on whether a match is found, ThousandEyes either updates an existing device in the database or creates a new device entry.

Device Status

Once the discovery process has run, you can view your results at Devices > Settings > Devices.

Each device shows a status of either Pending or New in the Type column.

  • Pending: Credentialless device; cannot be monitored without valid credentials. Add credentials to change the status to New.

  • New: Device with valid credentials; can be monitored.

Device statuses do not expire; once a device is discovered with credentials, it will always show as New, for example.

Device Identification

Devices need to be uniquely identified within our system to be discovered and monitored effectively.

Devices are currently identified and established as unique based on all of the following fields:

  • ThousandEyes account ID: The ID of the account to which the device belongs.

  • Discovery agent ID: The ID of the Enterprise Agent that performed the initial device discovery.

  • Device IP: The device's SNMP management IP address.

  • Engine ID: The device's SNMP EngineID (obtained via OID 1.3.6.1.6.3.10.2.1.1). Null is an acceptible value for this field.

Limiting Device Duplicates

  • Multiple discovery agents: We do not recommend performing different discoveries over the same network using different Enterprise Agents. Since the discovery agent ID is used to qualify a device as “unique”, multiple agents would cause the same devices to be considered unique, leading to duplicates.

  • IP address changes: If a device changes its IP address, it will be considered a new device because the device IP is part of the unique identification criteria.

  • Engine ID changes: If a device changes its engineId, it will be considered a new device because the device's engineId is part of the unique identification criteria.

PreviousDevice LayerNextDevice Discovery Results

Last updated